Government organizations, such as military and intelligence agencies, and large financial institutions have very stringent security policies. They classify data using various security tags and users are given fine grained access rights to such data. For instance, data may be marked with security levels, such as unclassified, confidential, secret, classified, top secret, etc. Data may also optionally be marked with additional security information, called a compartment, and multiple compartments may be used in a single security label. For example, one item may be labeled “confidential foo” and another item may be labeled “secret bar.” An important aspect of security with these systems is that users may have different security access rights. For example, one user may be allowed to access security levels up to confidential and compartment “foo,” while a second user may be allowed to access security levels up to top secret and compartment “bar.” The second user cannot access items labeled “confidential foo,” while the first user does have authorization to access this information. A user must have access rights to both the security level and compartments of the security label for the item being accessed. Traditionally, this stringent security requirement has been termed “Multi-Level Security” (MLS). To satisfy such requirements, various software vendors offer MLS operating environments for single computers, such as RED HAT ENTERPRISE LINUX 5 that incorporates SECURITY ENHANCED LINUX, TRUSTED AIX, TRUSTED HP-UX. SUN MICROSYSTEMS offers SOLARIS TRUSTED EXTENSIONS—a MLS operating system.
MLS operating systems run on a single machine, and therefore the MLS systems suffer from single point of failure. MLS operating systems lack high availability capabilities that allow computing systems to be used to their full potential. For example, the power of computer technology, including CPU, memory, storage, and network, has been growing faster than the needs of many applications. High availability allows redundant computing devices, including processors, storage, and networks, to host multiple applications and resources to share between many users. Without high availability, down-time of applications and services on such deployments can occur due to myriad possible failures, such as application hang, operating system crash, and hardware failure. Therefore, there is a need for MLS systems with high availability capabilities.